SSL_read error on multiple simultaneous upstream SSL downloads
Maxim Dounin
mdounin at mdounin.ru
Mon Oct 21 19:49:37 UTC 2013
Hello!
On Mon, Oct 21, 2013 at 05:50:31PM +0000, Agent Coulson wrote:
> Hi!
>
> thanks for that input, I have done some debugging and examined the SSL
> context when this state arrises. Two SSL* structs (from different
> connections) point to the same packet data. Disabling the read_ahead flag
> mitigates this.
>
> I've attached a patch, after applying I was unable to repro using
> openssl-1.0.1e.
>
> I'll submit a report to the upstream openssl project.
Disabling the read_ahead as a workaround looks wrong for me.
While it probably reduces a chance for a problem to appear, it's
likely still there.
Have you tried looking into the OpenSSL code to find out what
causes the actual problem?
I think it's likely SSL_MODE_RELEASE_BUFFERS related (and I indeed
can't reproduce the error without SSL_MODE_RELEASE_BUFFERS set),
but I don't see any obvious problems in the code.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel
mailing list